In many countries operators and Internet service providers are today obliged by legal requirements to provide stored traffic and user data generated from public telecommunications and Internet services for the purpose of detection, investigation and prosecution of crime and criminal offences, including terrorism.
FIG. 1 depicts the known arrangement for retaining data in a Communication Service Provider 1 (CSP). Specifically, the CSP 1, which may incorporate existing communication systems 2, is provided with a Data Retention System (DRS) 3 for exchanging retained data with a Requesting Authority 4, which may be a Law Enforcement Agency (LEA).
The data exchanged between the CSP 1 and the Requesting Authority 4 comprises requests from the Requesting Authority 4, corresponding responses from the DRS and other DR information, such as results of the requests and acknowledgements of receipt. The interfaces through which the CSP and DRS exchange the above data with the Requesting Authority are denoted as Handover Interfaces.
The generic Handover Interface adopts a two-port structure in which administrative request/response information and Retained Data Information are logically separated. In particular, a first Handover Interface port HI-A 5 is configured to transport various kinds of administrative, request and response information between the Requesting Authority 4 and an organization at the CSP 1 that is responsible for Retained Data matters, identified by an Administration Function 7.
A second Handover Interface HI-B 6 is configured to transport the retained data information stored in a repository 9 from the CSP 1 to the Requesting Authority 4. The individual retained data parameters have to be sent to the Requesting Authority 4 at least once (if available). To this end, a Mediation/Delivery function 8 is provided, for retrieving the retained data from the memory means 9 and forwarding such data to the Requesting Authority 4 in a suitable format through the HI-B 6.
A second system for accessing communications related data is the well-known Lawful Interception (LI) system, which is depicted in FIG. 2. The standard architecture 10 comprises an Intercepting Control Element (ICE) 11 providing the user equipment of the target identity with an access to the telecommunications network. ICEs may be, for instance, a Mobile services Switching Center (MSC) Server, a Gateway MSC Server (GMSC), a Serving GPRS Support Node (SGSN), or a Gateway GSN (GGSN).
The architecture 10 further comprises one or more Law Enforcement Monitoring Facilities (LEMFs) 12 through which respective LEAs receive interception information.
An Administration Function (ADMF) entity 13 is further configured to send the target identity and LI authorization data from the LEAs to the ICE.
In order to deliver the intercepted information to the LEAs, two Delivery Function (DF) entities are provided, each exchanging respective portions of information with the ADMF and the LEMF 12.
In particular, a DF2 entity 15 is configured to receive Intercept Related Information (IRI) from the ICE and to convert and distribute the IRI to the relevant LEAs via a second Handover Interface 16 (HI2) by means of a Mediation Function (MF) 17.
A DF3 entity 18, instead, is configured to receive Content of Communications (CC) information from the ICE 11 through an X3 interface, and to convert and distribute such information to the relevant LEA through an MF 19 and a third Handover Interface (HI3).
In the current LI standard solution, when intercepting a target identity it is not possible for the Authorities to have easy access to all relevant data, like historical user/traffic information related to the target under interception, with minimum effort for data protection as well as minimum involvement from the Operator personnel.
Another drawback of the prior art is that when the legal interception is activated for a specific target identity, it is not always possible to verify the effectiveness of the monitored target identity during the time span of the judge's warrant ordering the monitoring: in other words, the target identity could be no longer associated with the investigated person or no longer a valid traffic identity.
Yet another drawback, from the network operator's point of view, is that correct interception on the basis of the target identities ordered by the LEA is not guaranteed. By “correct” is meant the capability to provide interception triggers in the network whichever service is applicable for the ordered target identity. The network operator has a network topology on which it spreads the court order for interception, and it is not always possible to verify the correctness of such topology against the real network scenario of the target subscriber.
As an example, in the next generation networks, a target identity can be used to generate traffic for many different services. With particular regard to new multimedia services, not all traffic nodes have an ICE function immediately available, due to the complexity of implementing new interception service logics and because of the multi-vendor scenario.
Therefore, when the LEA requests interception of the traffic generated by a given target identity, the network operator currently cannot detect all the applicable network services for such identity, nor the network nodes where the interception triggers are to be set up. This scenario may lead to bad interception that could be documented by the LEA only by means of parallel investigation activities done via other tools, like analysis of retained data.